Burp Suite User Forum

Create new post

Burp Enterprise not scanning appropriately

Chandrakanth | Last updated: Mar 06, 2019 02:54AM UTC

Team, The burp enterprise is not scanning as expected. I was using beta12.0 which used to take one hour for scanning the whole site but it automatically upgraded to the latest version . and the scan end in 1-2 minutes with the similar configurations. Could you please let me know how can I troubleshoot this?

PortSwigger Agent | Last updated: Mar 06, 2019 08:04AM UTC

Do you have automatic updates turned on for Enterprise and Scanner. There has recently been an update to the crawler algorithm within the Scanner, which might explain the change in scan times. Did the scan return the same issues as the earlier version? To confirm the scan is working you could use Burp Suite Pro. Set up a crawl and audit and compare results. This will do the same as Burp Enterprise but will produce more diagnostic information.

Burp User | Last updated: Mar 06, 2019 10:34PM UTC

Yes Nick, Auto update feature has been turned on. However, the scan did not return the same results. I don't think the scanner can even crawl the site in 1 minute. Tested numerous times and the scan end in less than 2 minutes.

PortSwigger Agent | Last updated: Mar 07, 2019 04:08PM UTC

Thanks for clarifying. To investigate further we'll need a crawl debug log. You can enable this by applying a scan configuration like this: bc. { "crawler":{ "crawl_optimization":{ "logging_directory":"/var/log/BurpSuiteEnterpriseEdition", "logging_enabled":true } } } Set the logging_directory to a path that the agent has write access to (the above works for Linux). Then save as a file and upload as a scan configuration. Run a scan and once it has completed, please check the directory for a crawlDebug-* file and send this to support@portswigger.net

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.